Is the blockchain good for security?

The blockchain is now being hyped as the solution to all inefficient information processing systems

Overstock was one of the first online retailers to adopt Bitcoin in a big way. Now it's become the first major company to issue stock on a trading platform powered by the blockchain.

The blockchain is a distributed file system where participants keep copies of the file and agree on changes by consensus. The file is composed of blocks, where each block includes a cryptographic signature of the previous block, creating an immutable record.

"Blockchain trading is much more secure than the current system," said Judd Bagley, director of communications at Salt Lake City-based Overstock.com. "The distributed nature of the network that verifies the integrity of the transactions and associated account balances makes a successful attack mathematically impossible."

Overstock used the t0.com stock trading platform, which it owns. Up to a million common shares will be issued on t0.com, and up to a million preferred shares will be issued on the traditional exchanges.

"There may be no software that has been better proven, from a security standpoint, than Bitcoin," Bagley said. "Building a stock trading platform atop such well proven software should leave all parties feeling very confident, from a security point of view."

In addition, he said, settlement times are reduced from three days to 10 minutes, settlement costs are cut by 80 percent, and counterparty risk is eliminated because the cash and assets are accounted for ahead of time and instantly swapped.

Finally, the blockchain is completely transparent, he said, and cannot be changed.

"Put transparency and immutability together and you have a dream scenario for regulators, auditors and compliance officers," he said.

And it's not just stock trading. The blockchain is now being hyped as the solution to all inefficient information processing systems, such as recording of property transfers, escrow services, and even legal contracts.

But Bitcoin isn't without problems. The cryptocurrency has proven to be extremely volatile and popular with criminals. Regular users have lost millions to theft, the FBI is sitting on stockpiles of confiscated Bitcoins, and some of the members of the Bitcoin Foundation, created to legitimate the currency, are now in jail or on the lam. In addition, the Bitcoin system is slow to process transactions and is facing significant scalability issues.

Are any of these problems endemic to the blockchain itself? And if you're looking to eliminate an old, inefficient manual or batch-based process, the blockchain may be better -- but is it better than other modern types of data structures?

For example, the blockchain lends itself well to peer-to-peer systems but isn't necessarily a good tool for individual enterprises.

"If you're the only participant, you don't need a block chain -- you just need a database," said Prakash Santhana, director for payments risk and integrity at Deloitte Advisory at Deloitte & Touche LLP

More Bitcoin, more problems

Peter Williams, chief edge officer at Deloitte's Centre for the Edge, calculates that each Bitcoin transaction costs roughly $6 in hardware and energy, and consensus approval of each transaction takes about 10 minutes.

That kind of performance doesn't necessarily compare well to competing technologies.

But some of this is due to the way that Bitcoin uses the blockchain.

"Bitcoin throughput is limited," said Mance Harmon, senior director of labs at Ping Identity. "To increase throughput means that you need a business relationship in place, and more trust between peers."

That is very much possible when a blockchain is used by, say, a limited group of business partners.

For example, banks would send money directly to one another instead of going through a centralized clearinghouse like SWIFT or ACH.

In February, 40 of the world's largest banks conducted a trial of five blockchain technologies, including Ethereum, a public block chain platform, as well as blockchains from Chain, Eris Industries, IBM, and Intel.

Ethereum claims to take only 17 seconds to process a transaction, while a San Francisco-based startup, Safe Cash, announced last month that it can process a transaction in under five seconds -- and can handle up to 25,000 transactions per second.

According to Autonomous Research, blockchain technology could save the financial system $16 billion by 2021, or one-third of annual clearing and settlement costs globally.

But getting to that point could be extremely difficult, said Larry Tabb, founder and CEO at Tabb Group, in a report released in February.

"Many massive and in some cases what seem to be insurmountable challenges need to be overcome," he said. "This will take not only years but hundreds of millions if not billions of investment dollars across banks, investors, custodians, and industry infrastructure."

Larger attack surface

As any company with a big database knows, hackers love going after sensitive information. If a blockchain is used to store confidential contract information or payment data, then replicating the file could potentially offer hackers more places to get their hands on it.

This isn't a problem for blockchain data that is meant to be visible to the public. But many investors, for example, would not like others to know that they are taking a position in a particular security, said Tabb.

If the information is meant to be visible, then having multiple copies means that the data is less likely to be lost, said Ping Identity's Harmon, since there are multiple copies of the records.

And if the blockchain contains encrypted information, then it doesn't much matter whether the peers access the data in a single location or in multiple locations, since the number of access points remains the same.

"If a key is compromised, then it can be used to access the database in a hub-and-spoke model, as well as in a distributed database," said Harmon. "There is no difference."